General
-
Target
93250c6e69d58e4828236164ca0fbaf8_JaffaCakes118
-
Size
971KB
-
Sample
240813-p3ccnsthnh
-
MD5
93250c6e69d58e4828236164ca0fbaf8
-
SHA1
9c3864435205aebebe36fd1f5f5b39ab65e288a0
-
SHA256
70b2813f19e3a492d2104c92fdffbc73c53980e7e04677f7f7130e610bb59d97
-
SHA512
d2f080be74f9547d215bfba87e8764159fdd902959f694571dcf4170e3a513ee94a1ed8a9208834089e32e612f30f125987f1d159d96523da4ddf5c5e227a7f9
-
SSDEEP
24576:0nNg/8crjd1MGjphoNQycGGmyD8PuViHFmSoZ1P9ghay5d:IGzBCGjpONQ9/qPXgjZQ
Static task
static1
Behavioral task
behavioral1
Sample
93250c6e69d58e4828236164ca0fbaf8_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
botnetclients.zapto.org:1604
DC_MUTEX-C1V4ZZM
-
gencode
P95jJ0my1RDK
-
install
false
-
offline_keylogger
true
-
persistence
false
Extracted
latentbot
botnetclients.zapto.org
Targets
-
Target
93250c6e69d58e4828236164ca0fbaf8_JaffaCakes118
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-